Critical Veeam Backup for Google Cloud Vulnerability – CVE-2022-43549

A critical security vulnerability has been discovered in Veeam Backup for Google Cloud (KB4374). If you don’t have automatic updates enabled, then better take a look at this.

Veeam


Vulnerability Details:

During Veeam’s internal testing, a vulnerability was discovered within the Backup Appliance component of Veeam Backup for Google Cloud that allows users to bypass authentication mechanisms.

CVE-2022-43549:
Severity: Critical
CVSS v3 Score: 10.0
Status: Resolved

Solution:

A fix has been released to resolve the discovered vulnerability in Veeam Backup for Google Cloud versions 1 and 3. For most users, no actions will be needed, as the Veeam Updater component will have automatically installed this fix during its daily check for updates1. After the fix has been installed, the Backup Appliance will be restarted automatically. For environments where the Veeam Backup for Google Cloud backup appliance does not have access to repository.veeam.com, the fix will have to be manually deployed2 or internet access configured to allow access to the update server.

Info (automatic Patching of Components):

The fix for the vulnerability discussed in this article has been automatically deployed to all Veeam Backup for Google Cloud Backup Appliances that have been configured to have access to repository.veeam.com. Most users will have no additional actions to perform beyond confirming the Veeam Updater component version.

For deployments where the Veeam Backup for Google Cloud Backup Appliance does not have network access to the Veeam Update Repository, the fix must be deployed manually.

 
 

New Veeam v12 Platform Overview: Blog Post
OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post
Building a SOC: Blog Post
List of vendors and software affected by the OpenSSL vulnerability: Blog Post
Critical OpenSSL Vulnerability version 3.0: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] VeeamUser Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post.

Please follow and like us:
Advertisement
error

Enjoy this blog? Please spread the word :)